Services Offered by Amarjit Singh as a Freelancer

Hi Friends...Freelancing is tough. It can be very difficult, in fact. It can wear people down, making them lose sight of what they used to love because they have to do everything else just to get by.

Unified Threat Management Systems - Guide to UTMs

Hi folks, this time I will be exploring Unified Threat Management systems and comparing multiple UTM products. Unified Threat Management devices are relatively new to the security appliance scene and are still evolving continuously. UTM has attracted industry leaders like Juniper, Fortinet, Cisco, IBM, Intel and Cyberoam, so there are a lot of UTM products to choose from. I am, however, working on the Cyberoam one and will be continuing my tests on it.

Top Indian Hackers List

There has been a lot of commotion in the Indian hacking scene lately, and I expressed some pretty strong views regarding that. When it comes to hacking, every other guy tends to tape the "hacker" word to his name/codename without even realizing its significance. In the end, tired of all the bullshit around, I decided to write an article on the REAL INDIAN HACKERS (or hackers of Indian origin), folks who are actually dedicated to security and are hackers in the real sense. Let's start, shall we?

Top Hacking Magazine List with Review

Apart from these magazines, all other so-called Indian hacking magazines are BOGUS and copy-paste their content from the INTERNET. Wake up, GUYS. Simply ask yourself whether you are really learning something from what you are reading or not. This time I will be blogging about some really good magazines and zines where you can learn about computer and IT security. If you want to go through the previous articles in the series, you are welcome to give them a read.

Yersinia: How to Analyze and Test Network Protocols

Yersinia is a free, open-source utility written entirely in C which is great for security professionals, pen testers and hacker enthusiasts alike. Yersinia is a solid framework for analyzing and testing network protocols, and a great network tool designed to take advantage of some weaknesses in different network protocols.

Tuesday, March 3, 2015

Most of the time I have been part of layer 2 loop discussions, but I have never heard engineers talking about the layer 3 routing loop problem. I experienced this during a recent visit to a company where all the engineers knew why to use Spanning Tree Protocol, but none of them knew why to use split horizon and route poisoning.

In layer 3 networks there is a chance of routing loops, and split horizon, hold-down timers and route poisoning are the techniques that help prevent them. Figure 1 below shows the converged network. Let's assume that the 10.4.0.0 network fails: router C will forward the update to router B, and router B will forward the update to router A and to router C as well. As a result, the same update that was generated by C comes back to C, and C might think it is learning the 10.4.0.0 network from B, when in fact 10.4.0.0 is directly attached to router C. This situation can arise in smaller networks too.

The first workaround is the split horizon technique, which says not to send updates back out the interface on which they were received. The update is sent on (number of interfaces minus the interface the update was received on). The next one is route poisoning: when a router detects a link down, the attached router sends an update to its neighbours. In this case, however, the receiving router can send the received information back out the same interface it came in on, with the route metric set to the maximum. This is definitely a violation of the split horizon rule, but it helps the router understand that that particular network is down or inaccessible, which actually helps routing convergence. Now 10.4.0.0 is a poisoned route with the maximum metric assigned, as the route is not reachable. When the neighbour sends the route back to the originator, it becomes reverse poisoned.

What does route poisoning do?
1. Sets the hop count to an unreachable state as soon as the failed network is detected.
2. The route remains poisoned until the hold-down timer expires.
3. The hold timer depends on the routing protocol; every protocol has a different hold-down timer.
4. Only unidirectional traffic flow.
5. If the route is not back up when the hold-down period expires, that route is removed from the routing table and added to the garbage table.

The last one is hold-down timers. What do hold-down timers do?
1. A router receives an update from a neighbor indicating that a network that was previously accessible is now no longer accessible.
2. The receiving router marks that route as possibly down and starts the hold-down timer.
3. If an update with a better metric for that network is received from any neighboring router during the hold-down period, the network is reinstated and the hold-down timer is removed.
4. If an update from any other neighbor is received during the hold-down period with the same or a worse metric for that network, that update is ignored. Thus, more time is allowed for the information about the change to be propagated.
5. Routers still forward packets to destination networks that are marked as possibly down. This allows the router to overcome any issues associated with intermittent connectivity. If the destination network truly is unavailable and the packets are forwarded, black-hole routing is created and lasts until the hold-down timer expires. (Very important point.) This could be the reason administrators look to reduce the hold-down timers to speed up convergence. Of course, if the network is not stable these timers generate a lot of messages.

As per section 2.2.2, RFC 1058 explicitly says: "Split horizon with poisoned reverse will prevent any routing loops that involve only two gateways. However, it is still possible to end up with patterns in which three gateways are engaged in mutual deception." This could certainly be the case on broadcast multi-access networks.
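The B/C side of the scenario above, as an added example that is not part of the original post: a minimal distance-vector simulation (RIP-style metrics, infinity = 16) in which C loses 10.4.0.0 and B's stale periodic update reaches C before C's poisoned update reaches B. Router A, the link names "bc" and the prefix length are constructed for the example; it compares no protection, split horizon, and split horizon with poisoned reverse.

```python
INFINITY = 16            # RIP's "unreachable" metric (RFC 1058)
PFX = "10.4.0.0/16"      # constructed: the prefix attached to router C in Figure 1

def build_update(table, out_link, policy):
    """Routes a router advertises over out_link.
    table maps prefix -> (metric, link the route was learned on; None = directly attached).
    policy is "none", "split_horizon" or "poison_reverse"."""
    update = {}
    for prefix, (metric, via) in table.items():
        if via == out_link and policy == "split_horizon":
            continue                   # never echo a route back out the link it came in on
        if via == out_link and policy == "poison_reverse":
            update[prefix] = INFINITY  # echo it, but explicitly as unreachable
        else:
            update[prefix] = metric
    return update

def process_update(table, in_link, update):
    """One Bellman-Ford step: accept a better route, or any change reported by the current next hop."""
    for prefix, adv in update.items():
        metric = min(adv + 1, INFINITY)
        cur = table.get(prefix)
        if cur is None or metric < cur[0] or cur[1] == in_link:
            table[prefix] = (metric, in_link)

def metric_on_c_after_stale_update(policy):
    """C has just lost 10.4.0.0; B's periodic update (still metric 1) arrives before C's poison does."""
    b = {PFX: (1, "bc")}           # B learned the prefix from C over link "bc"
    c = {PFX: (INFINITY, None)}    # C: attached network is down
    process_update(c, "bc", build_update(b, "bc", policy))
    return c[PFX][0]               # 2 = bogus route via B (loop); 16 = correctly unreachable

def rounds_until_both_unreachable(policy, max_rounds=40):
    """B<->C exchange rounds until both agree the prefix is gone (count-to-infinity without protection)."""
    b = {PFX: (1, "bc")}
    c = {PFX: (INFINITY, None)}
    for rnd in range(1, max_rounds + 1):
        process_update(c, "bc", build_update(b, "bc", policy))  # B's (stale) update reaches C first
        process_update(b, "bc", build_update(c, "bc", policy))  # then C's update reaches B
        if b[PFX][0] >= INFINITY and c[PFX][0] >= INFINITY:
            return rnd
    return None

if __name__ == "__main__":
    for policy in ("none", "split_horizon", "poison_reverse"):
        print(policy, metric_on_c_after_stale_update(policy), rounds_until_both_unreachable(policy))
```

Without protection C installs a metric-2 route back through B and the pair count to infinity over eight exchange rounds, forwarding into a black hole the whole time; with either split horizon variant the prefix is settled as unreachable after the first exchange.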

1. What is the difference between a hub, a bridge and a switch?
2. What is a MAC address and why is it required?
3. In a layer 2 domain, do we need an IP address for communication?
4. What is ARP and why is it required?
5. What is Spanning Tree Protocol, aka STP?
6. What is the difference between STP, MSTP, PVST and RSTP?
7. Can we use two identical paths for the same VLAN?
8. What is the difference between a broadcast domain and a collision domain?
9. Define the types of LAN traffic.
10. What is the destination address of a broadcast frame?
11. Can we connect a switch to a switch with a straight cable?
12. Define the functions of a switch.
13. What is the ARP timeout?
14. What is the aging process?
15. What is a BPDU?
16. What is path cost?
17. Define the selection criteria for the STP root bridge.
18. How does a non-root bridge decide which port will be elected as the root port?
19. If a non-root bridge has two redundant ports with the same root path cost, how does the bridge choose which port will be the root port?
20. What are the port states of Spanning Tree Protocol?
21. If users face a delay during initial login, what would you suggest implementing?
22. Why is the spanning tree BPDU filter used?
23. Can I use BPDU filter on trunk ports?
24. What is port security?
25. I want to learn only a single MAC address from a port; what needs to be configured?
26. Can we use spanning tree PortFast on trunk ports?
27. If the management IP address is changed, will users' traffic be dropped?
28. What is the difference between a trunk port and an access port?
29. What is UDLD and why is it required?
30. What is an interface VLAN on a switch?
31. How do you perform inter-VLAN routing without a layer 3 device?
32. How do you stop a superior BPDU from participating in the switching domain?
33. How is the VLAN in a local switching domain selected?
34. How do you provide redundancy to an MPLS VPN customer?

Sunday, March 1, 2015

After the IGP and BGP questions, I have prepared a basic list of MPLS interview questions which could help you clear your next level. In the upcoming post I will be covering switching. Below is the list of questions:

The latest Web app attacks and countermeasures from world-renowned practitioners. Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, it is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource.

- Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster
- See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation
- Understand how attackers defeat commonly used Web authentication technologies
- See how real-world session attacks leak sensitive data and how to fortify your applications
- Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques
- Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments
- Safely deploy XML, social networking, cloud computing, and Web 2.0 services
- Defend against RIA, Ajax, UGC, and browser-based, client-side exploits
- Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

Every time I have been asked what kind of security recommendations are required for the data center access layer. Let's first understand what the access layer in a data center is used for.

The data center access layer provides Layer 2 connectivity for server farms. In most cases the primary role of the access layer is to provide port density for scaling the server farm or a network segment; it could be physical or virtual. Security at the access layer is primarily focused on securing Layer 2 flows and communication within the site.

Recommendations for this layer are:

Use VLANs to segment and isolate traffic where it is needed. This is very basic stuff used in almost every data center, but it is not always considered a security measure. Deploy private VLANs (PVLANs) after confirming that traffic flows will not be affected once they are deployed. It is best to ensure that hosts that need to communicate are placed in the same community, while hosts that do not require such connectivity are isolated. The host communication matrix must be provided by the customer, clearly defining the traffic flows.

The following layer 2 security mechanisms should be enabled at the access layer:

Thursday, February 26, 2015

The market is booming and almost every company has opened its doors for new positions, and everyone is looking for a change to grab new positions with new challenges. So make sure that you have prepared answers to the questions below before your interview. The questions are generic and will make a very good impression on the interviewer if you answer them in an organised and structured manner. The IGP interview questions shown are for CCNA and CCNP engineers.

Before deploying VXLAN we have to consider its underlying deployment model. It could be multicast or unicast. Now the question arises: which one is best for the network? Should we go with multicast, which is as good as broadcast, or with unicast?

It should be noted that not all deployment types are supported by all devices, both physical and virtual. Regardless of the available hardware and software, the best deployment for a particular scenario often depends on the application that will run within the VXLAN. If the application is based on unicast connectivity, then unicast mode is preferable. However, if you have very large VXLANs with thousands of VMs, each on a separate physical hypervisor, then multicast mode might be better suited.

If the application within a VXLAN relies heavily on either multicast or broadcast messages to keep hosts in sync, then this might be a better use case for multicast mode. If a multicast-heavy application is distributed between only two physical hypervisors, then multicast mode will see no efficiency benefit and unicast mode would be more efficient.

Network operators' networks are populated with a large and increasing variety of proprietary hardware appliances. Launching a new network service often requires yet another variety, and finding the space and power to accommodate these boxes is becoming increasingly difficult; this is compounded by the increasing costs of energy, capital investment challenges and the rarity of the skills necessary to design, integrate and operate increasingly complex hardware-based appliances. Moreover, hardware-based appliances rapidly reach end of life, requiring much of the procure-design-integrate-deploy cycle to be repeated with little or no revenue benefit. Worse, hardware lifecycles are becoming shorter as technology and services innovation accelerates, inhibiting the roll-out of new revenue-earning network services and constraining innovation in an increasingly network-centric connected world.

Network Functions Virtualisation (NFV) aims to address these problems by leveraging standard IT virtualisation technology to consolidate many network equipment types onto industry-standard high-volume servers, switches and storage, which could be located in datacentres, network nodes and in end user premises. We believe Network Functions Virtualisation is applicable to any data plane packet processing and control plane function in fixed and mobile network infrastructures. NFV decouples network functions such as network address translation (NAT), firewalling, intrusion detection, domain name service (DNS) and caching, to name a few, from proprietary hardware appliances so they can run in software.

Virtualizing Network Functions could potentially offer many benefits including, but not limited to:

Reduced equipment costs and reduced power consumption through consolidating equipment and exploiting the economies of scale of the IT industry.

Increased speed of Time to Market by minimising the typical network operator cycle of innovation.

Availability of network appliance multi-version and multi-tenancy, which allows use of a single platform for different applications, users and tenants. This allows network operators to share resources across services and across different customer bases.

In the previous post we covered the basics of VXLAN and its deployment models. In this post we will be covering the different VXLAN control plane deployment models.

BGP based VXLAN control plane – BGP is the industry-preferred protocol for both ease of implementation and scalability. BGP scales well, as it is responsible for routing the internet, and it can easily be adapted to support MAC-to-VTEP IP address mapping under another address family (that is why it is called Multiprotocol BGP). The only issue with BGP is the time it often takes to converge after a network change.

LISP based VXLAN control plane – The LISP control plane has been talked about heavily as a scalable, hierarchical option for the VXLAN control plane; however, LISP as a whole has never really gained much traction. LISP does not rely on a traditional flood-and-learn mechanism to learn new routes or MAC-to-VTEP IP mappings.

OpenFlow based – There are a number of VXLAN deployments that use OpenFlow or XMPP in order to remove the multicast requirement from the VXLAN deployment.

TLV based – The TLV option is often used as a quick and easy way to extend existing protocols so that they carry new information such as IP/VTEP mappings.